How to configure path control on a cisco router using route-map

Assuming you have two unequal WAN links from an ISP, one of the options available to you to is the configuration of automatic failover. This ensures that control is switched to the secondary link whenever the primary goes down. As good as this option is, most companies do not want to pay for a link whose usage is tied to the failure of another. Not now that ISPs can guarantee 96% uptime.  If you find yourself in a similar situation, one of the options available to you is path control, which is what I want to share in this post. In this demonstration, I will configure path control to distribute packets across two ISP links and automate fail-overs using route-map. The main objective of this lab is to achieve load balancing and automatic fail-over across two unequal WAN links.

To achieve path control, I will be using access-lists to divide users into two main groups based on their source IP, then use route-maps to capture these access-lists and route them out via a chosen ISP. Since both links are unequal, more users will go through ISP1 than ISP2. This lab will be implemented on Gns3.

Network Topology

Configuring path control on Cisco router

Since I want traffics from top_users to go through ISP1 but fail over to ISP2 when ISP1 goes down, I will configure IP SLA to track reachability on ISP1. As long as ISP1 is reachable, top_users’ packets will be routed out ISP1. The lab will be implemented using the cisco c7200 series router on GNS3. The original GNS3 topology is shown below:

Configure IP SLA Monitor

R1(config)# ip sla monitor 1

R1(config-sla-monitor)# type echo protocol ipIcmpEcho 1.1.1.1 source-interface FastEthernet0/0

R1(config-sla-monitor)#exit

R1(config)#track 1 rtr 1 reachability

R1(config)#ip sla monitor schedule 1 life forever start-time now

Configure access-lists

Next, we configure two separate access-lists to match users based on the source IP addresses. More users can be added to each group by simply adding the source IP to the access-lists. The access-lists will be used to create route-maps. See below

R1(config)#ip access-list extended top_users

R1(config-ext-nacl)#permit ip host 192.168.1.2 any

R1(config-ext-nacl)#exit

R1(config)#ip access-list extended other_users

R1(config-ext-nacl)#permit ip host 192.168.1.128 any

 

You may also like:  Configuring a single-area OSPF for a network topology of three Cisco routers and five networks

 

Create route-maps

Next, we create route-maps and set next-hop addresses using the access-lists above. See below:

R1(config)#route-map path_control permit 10

R1(config-route-map)#match ip add top_users

R1(config-route-map)#set ip next-hop verify-availability 1.1.1.1 1 track 1 ( track one was created earlier)

R1(config-route-map)#set ip next-hop 2.2.2.1

R1(config-route-map)#exit

R1(config)#route-map path_control permit 20

R1(config-route-map)#match ip add other_users

R1(config-route-map)#set ip next-hop 2.2.2.1

R1(config-route-map)#

Apply route-maps

Finally, I will apply the route-map to the LAN interface. This will ensure that the packets will be filtered as they enter the router. See below:

R1(config)#interface f1/1

R1(config-if)#ip policy route-map path_control

Verification

Pings from client1 (192.168.1.2) to 1.1.1.1 (ISP1) should be successful while pings from the same client to 2.2.2.1 (ISP2) should be unsuccessful. This is because as long as ISP1 is reachable, R1 will never route through ISP2. Client1 can reach 2.2.2.1 only when ISP1 is down. See test results below:

path control on cisco
Image shows next-hop addresses set using route-maps
path control on cisco router
Image showing ping results to ISP addresses from clients 1 and 2

Finally, I will shut down ISP1 to see of cleint1’s packets will go through ISP2. See result below.

Path control on cisco router
Image showing ping results to ISPs 1 and 2

Image showing client1’s packets being routed out through ISP2 as ISP1 becomes unreachable. We can see from the image that as ISP1 becomes unreachable, client1’s packets are now being sent out via ISP2.

That is it guys. If you have troubles implementing this lab and need clarification, kindly drop a comment. Please like my Facebook page, follow me on Twitter handle and subscribe to my YouTube channel.

Spread the love

Timigate

Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.

Leave a Reply

Your email address will not be published. Required fields are marked *